[Git][security-tracker-team/security-tracker][master] Add CVE-2023-42822/xrdp

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28a1c585 by Salvatore Bonaccorso at 2023-09-27T22:21:43+02:00
Add CVE-2023-42822/xrdp

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -95,7 +95,9 @@ CVE-2023-43125 (BIG-IP APM clients may send IP traffic outside of the VPN tunnel
 CVE-2023-43124 (BIG-IP APM clients may send IP traffic outside of the VPN tunnel.Note: ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2023-42822 (xrdp is an open source remote desktop protocol server. Access to the f ...)
-	TODO: check
+	- xrdp <unfixed>
+	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw
+	NOTE: https://github.com/neutrinolabs/xrdp/commit/73acbe1f7957c65122b00de4d6f57a8d0d257c40
 CVE-2023-42657 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traver ...)
 	NOT-FOR-US: Progress WS_FTP Server
 CVE-2023-42487 (Soundminer \u2013 CWE-22: Improper Limitation of a Pathname to a Restr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28a1c58592168dd5246040dc99da5a40d1fe1029

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28a1c58592168dd5246040dc99da5a40d1fe1029
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230927/141b91b8/attachment.htm>